package com.ryx.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import com.ryx.shiro.CustomAccessControFilter;

import com.ryx.shiro.CustomHashedCredentialsMatcher;
import com.ryx.shiro.cache.ShiroCacheManager;
import com.ryx.shiro.realm.CustomRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;


/**
 * @BelongsPackage: com.ryx.config
 * @Author: 容永轩
 * @CreateTime: 2020-11-22
 * @Description:  shiro配置类
 */
@Configuration
public class ShiroConfig {

    //注入cacheManager
    @Bean
    public ShiroCacheManager cacheManager(){
        return new ShiroCacheManager();
    }

    //注册自定义匹配器
    @Bean
    public CustomHashedCredentialsMatcher customHashedCredentialsMatcher(){
        return new CustomHashedCredentialsMatcher();
    }

    //注册自定义域
    @Bean
    public CustomRealm customRealm(){
        CustomRealm customRealm = new CustomRealm();
        customRealm.setCacheManager(cacheManager());
        customRealm.setCredentialsMatcher(customHashedCredentialsMatcher());
        return customRealm;
    }
//安全管理器环境
    @Bean
    public SecurityManager securityManager(){

        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(customRealm());

        return defaultWebSecurityManager;
    }

//shiro 核心策略  filter策略
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        //自定义拦截器限制并发人数,参考博客：
        LinkedHashMap<String, Filter> filtersMap = new LinkedHashMap<>();

        //用来校验token
        filtersMap.put("token", new CustomAccessControFilter());
        shiroFilterFactoryBean.setFilters(filtersMap);

        Map<String, String> hashMap = new LinkedHashMap<>();

        // 配置不会被拦截的链接 这个必须放在前面 或者会被覆盖导致失效
        hashMap.put("/api/user/login", "anon");
        hashMap.put("/upload/image/**","anon");
        hashMap.put("/api/file/**","anon");
        hashMap.put("/index/**","anon");
        hashMap.put("/images/**", "anon");
        hashMap.put("/js/**", "anon");
        hashMap.put("/layui/**", "anon");
        hashMap.put("/css/**", "anon");
        hashMap.put("/treetable-lay/**", "anon");
        hashMap.put("/api/user/token", "anon");
        //放开swagger-ui地址
        hashMap.put("/swagger/**", "anon");
        hashMap.put("/v2/api-docs", "anon");
        hashMap.put("/swagger-ui.html", "anon");
        hashMap.put("/swagger-resources/**", "anon");
        hashMap.put("/webjars/**", "anon");
        hashMap.put("/favicon.ico", "anon");
        hashMap.put("/captcha.jpg", "anon");
        //druid sql监控配置
        hashMap.put("/druid/**", "anon");
        hashMap.put("/**","token,authc");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(hashMap);
        return shiroFilterFactoryBean;

    }

    //开启shiro aop注解支持.
    //使用代理方式;所以需要开启代码支持;
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

//thymeleaf支持 shiro注解
    @Bean
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }





}
